Question
Security of httpd (url string exploit?)
- Posted January 6, 2013
Hi. Logwatch on my CentOS VPS reported the following:
--------------------- httpd Begin ------------------------
A total of 1 sites probed the server 222.73.21.47
A total of 1 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit):
/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n HTTP Response 200
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
vsftpd: Unknown Entries: authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Administrator rhost=92.86.139.111 : 105 Time(s) check pass; user unknown: 105 Time(s)
---------------------- pam_unix End -------------------------
Is this serious? What should I do next?
Thanks
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
It is quite common to have remote users attempt to exploit any server that is on a public IP address. <br> <br>If you follow our default setup instructions you should not have any issue with this. <br> <br>Additionally the /etc/passwd file does not have any hashed passwords which are instead stored in your shadow file.